1b451adbebf860966630df870e2c152dcc99b123c55c3c3848bb633284d4d9fb

Analysis

max time kernel
127s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 09:56

Target

21ef602172abca7dc1b0b53e8f36360f_JaffaCakes118.dll
Size

256KB
MD5

21ef602172abca7dc1b0b53e8f36360f
SHA1

80d15ae2c3dff67f5613a467fbaa7bae3a2c8e5f
SHA256

1b451adbebf860966630df870e2c152dcc99b123c55c3c3848bb633284d4d9fb
SHA512

22c5687f800169dc79c6bbcea24c2de3c7220bae3ccf6ba6d2693521bdddd6a2763ac41cc509e3fcf010f5f379520ce83f288951fb61e4181af771721590f59a
SSDEEP

3072:EBB3ZWCmo46T+k10B0v4Y0dTROO5wBHw58WTJ9KhFhagYf2nD/g6O3asxIbv7e:2pWJna10B0w5qMwNw58WTJ1D2n7gQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 4956	1976	regsvr32.exe	82
PID 1976 wrote to memory of 4956	1976	regsvr32.exe	82
PID 1976 wrote to memory of 4956	1976	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\21ef602172abca7dc1b0b53e8f36360f_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\21ef602172abca7dc1b0b53e8f36360f_JaffaCakes118.dll
  2⤵
  PID:4956

memory/4956-0-0x0000000075400000-0x0000000075440000-memory.dmp

Filesize
256KB

Download
memory/4956-2-0x0000000075400000-0x0000000075440000-memory.dmp

Filesize
256KB

Download
memory/4956-4-0x0000000002850000-0x0000000002875000-memory.dmp

Filesize
148KB

Download
memory/4956-3-0x0000000000F20000-0x0000000000F22000-memory.dmp

Filesize
8KB

Download
memory/4956-1-0x0000000075403000-0x000000007542C000-memory.dmp

Filesize
164KB

Download